Overflow Mechanism

The purpose of this message is to announce the immediate availability of an overflow mechanism designed to mitigate customer impact in the event the existing FocalpointNet platform reaches session capacity. Per our April 11 advisory, this is a precautionary action. Based on current loads, we do not expect any large scale breaches in the near future. However, the potential exists for isolated instances where the system may briefly refuse new logins. By the end of May, a new, larger-capacity platform will be ready for use and will eliminate the need for this mechanism.

The overflow option should be engaged for customers who receive a "maximum sessions reached" error during login attempts. Please use the overflow for this purpose only. While there is ample capacity to cover the aforementioned condition, the infrastructure is not yet in a position to handle the full population of FocalpointNet users.

To access the overflow system, the customer will be required to change their FocalpointNet DNS name to one of those listed later in this message. The new DNS names are segregated by function, such as PPTP, IPSEC, NAT-T and GIDS. As an example, an IPSEC customer should be directed to FPNETIPSEC.GALILEO.COM, while a NAT-T customer goes to FPNETNATT.GALILEO.COM, etc.

Customers behind a firewall must configure it to pass traffic on the 198.151.32.0/24 address range. The attached firewall advisory contains the port details. The same firewall rules are required when the new FocalpointNet platform comes on-line. Therefore, consider propagating the information to your FocalpointNet firewall customers in advance.

If a customer moves to the overflow system, they can remain there and do not need to change DNS again. The overflow hardware and DNS are already integrated in the new platform.

The preference is to use the DNS addressing. The numeric address is provided only as a failsafe where DNS resolution is unavailable or otherwise inoperable.
IP addresses are subject to change. Those who use the numeric address can be affected if changes do occur.

IPSEC Users = FPNETIPSEC.GALILEO.COM (IP = 198.151.32.105)
PPTP Users = FPNETPPTP.GALILEO.COM (IP = 198.151.32.103)
NAT-T Users = FPNETNATT.GALILEO.COM (IP = 198.151.32.110)
GIDS Users = GIDSVPN.GALILEO.COM (IP = 198.151.32.111)

FocalpointNet VPN Firewall Rules

Purpose: Impending changes to the current FocalpointNet infrastructure require that customers using this product (with firewalls) add additional rule-sets to include a new IP range.

Required Port and Protocol Information:

UDP 500 for isakmp
Protocol 50 (IPSec ESP)
UDP 4500 for NAT-T
tcp 1723 PPTP
Protocol 47 GRE

Customers should have something similar to this configuration already.

Generic Rules:

Source                                        Destination                                   Protocol          Port
Agency LAN IP or 3rd party Router Public IP   12.17.202.0/23                                udp (17)          500
Agency LAN IP or 3rd party Router Public IP   12.17.202.0/23                                ipsec esp (50)    N/A
Agency LAN IP or 3rd party Router Public IP   12.17.202.0/23                                udp (17)          4500
Agency LAN IP or 3rd party Router Public IP   12.17.202.0/23                                TCP (47)          1723
12.17.202.0/23                                Agency LAN IP or 3rd party Router Public IP   udp (17)          500
12.17.202.0/23                                Agency LAN IP or 3rd party Router Public IP   ipsec esp (50)    N/A
12.17.202.0/23                                Agency LAN IP or 3rd party Router Public IP   udp (17)          4500
12.17.202.0/23                                Agency LAN IP or 3rd party Router Public IP   TCP (47)          1723

New information for customers. Customers with firewalls should add similar information to their firewalls to allow the new subnet range for FocalpointNet VPN client connectivity.

Source                                        Destination                                   Protocol          Port
Agency LAN IP or 3rd party Router Public IP   198.151.32.0/24                               udp (17)          500
Agency LAN IP or 3rd party Router Public IP   198.151.32.0/24                               ipsec esp (50)    N/A
Agency LAN IP or 3rd party Router Public IP   198.151.32.0/24                               udp (17)          4500
Agency LAN IP or 3rd party Router Public IP   198.151.32.0/24                               TCP (47)          1723
198.151.32.0/24                               Agency LAN IP or 3rd party Router Public IP   udp (17)          500
198.151.32.0/24                               Agency LAN IP or 3rd party Router Public IP   ipsec esp (50)    N/A
198.151.32.0/24                               Agency LAN IP or 3rd party Router Public IP   udp (17)          4500
198.151.32.0/24                               Agency LAN IP or 3rd party Router Public IP   TCP (47)          1723
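
An added example, not part of the original advisory: a Python check that a firewall rule export permits every entry in the "Required Port and Protocol Information" list, in both directions, for the new 198.151.32.0/24 range. The "src dst proto port" export format, the function names and the 10.20.0.0/16 agency LAN are assumptions made for illustration.

```python
import ipaddress

NEW_RANGE = ipaddress.ip_network("198.151.32.0/24")  # range named in the advisory
# Required port and protocol list from the advisory; None = protocol has no port.
REQUIRED = [("udp", 500), ("esp", None), ("udp", 4500), ("tcp", 1723), ("gre", None)]

def parse_rules(text):
    """Parse 'src dst proto port' lines (hypothetical export format, '-' = no port)."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        src, dst, proto, port = line.split()
        rules.append((ipaddress.ip_network(src), ipaddress.ip_network(dst),
                      proto.lower(), None if port in ("-", "N/A") else int(port)))
    return rules

def missing_rules(rules, agency_net):
    """Return (direction, proto, port) entries that no rule in the set permits."""
    agency = ipaddress.ip_network(agency_net)
    gaps = []
    for direction, src, dst in (("out", agency, NEW_RANGE), ("in", NEW_RANGE, agency)):
        for proto, port in REQUIRED:
            # A rule covers the entry if it spans both networks and matches exactly.
            ok = any(src.subnet_of(r_src) and dst.subnet_of(r_dst)
                     and r_proto == proto and r_port == port
                     for r_src, r_dst, r_proto, r_port in rules)
            if not ok:
                gaps.append((direction, proto, port))
    return gaps

# Constructed sample: old range present, new range only partly added.
SAMPLE = """
10.20.0.0/16    12.17.202.0/23  udp 500
10.20.0.0/16    12.17.202.0/23  esp -
12.17.202.0/23  10.20.0.0/16    udp 500
10.20.0.0/16    198.151.32.0/24 udp 500
10.20.0.0/16    198.151.32.0/24 esp -
10.20.0.0/16    198.151.32.0/24 udp 4500
198.151.32.0/24 10.20.0.0/16    udp 500
198.151.32.0/24 10.20.0.0/16    esp -
"""

if __name__ == "__main__":
    for gap in missing_rules(parse_rules(SAMPLE), "10.20.0.0/16"):
        print("missing:", gap)
```

Rules that already exist for 12.17.202.0/23 do not satisfy the check; each entry must be repeated for the new range.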